Feb 19 What is a Red Team

Historically, a red team was a group of military personnel playing the role of the adversary: the enemy or opposing force team (“RED”), as opposed to the friendly forces team (“BLUE”). With time, the red teams’ mission and capabilities evolved, and they turned into a force tasked with challenging the security posture of military bases, outposts and other “targets”. See “Red Cell”.

During the late 80s and early 90s, corporations in general and high-tech companies in particular sought a way to test their security posture and see whether they were vulnerable to attacks they hadn’t accounted for or planned for. The early civilian red teams were mostly information/computer security professionals mixed with physical security experts, and they were mainly focused on what was then possible with the technology of the day. The organization’s policies were reviewed, but this was not the focus of the red team exercises (red teaming).

Today red teams have evolved and are an important force in the security world. Both government and private organizations use red teams not only to test the current state of their physical and digital security but also to continuously challenge their plans, defensive measures and security concepts/policies. These exercises result in a better understanding of possible adversaries and help to improve countermeasures against them and against future threats. A key aspect of red team operations today is the adversarial way of thinking, the “Red Team Mindset”. Red team members think outside the box; they are not bothered by rules or laws. They look at a problem from multiple perspectives at the same time, often probing the sides of a problem - or solution - that were never considered. Today, different government organizations and Fortune 50 companies use red teams to analyze and poke holes in a plan or concept of operation at the pre-design, design, and final phases. In some cases, red teams are used to try to analyze a competitor’s point of view. Red teams recognize contingencies and bring them to the forefront of analysis by asking the right questions and challenging underlying assumptions.

The goal of a red team is to enhance decision making. The Red Team Mindset seeks to apply this view of the world to planning and problem solving.

Red teams challenge the current security policies. They test the readiness of the quick reaction teams, CSIRT and CERT, of the security departments and of the security engineers in the digital world. They also test the readiness of national infrastructure security teams, something I think is of vital importance nowadays.

Note: Given all the qualities of a red team, and the fact that a red team is a great natural recon/surveillance tool, red teams can provide SOF units with much more than just adversarial services. They can provide in-the-field SIGINT, COMINT and sometimes HUMINT capabilities.